The Fundamentals of Intrusion Prevention System Testing


New network-based Intrusion Prevention Systems (IPS) complement traditional security products to provide enterprises with unparalleled protection against external and internal attacks. An exponential rise in application vulnerabilities that are easily exploited through standard ports has rendered traditional firewalls ineffective against attacks. While Intrusion Detection Systems (IDS) can often detect these attacks, these passive systems offer little more than an after-the-fact notification. In contrast, an IPS is designed to examine all traffic that passes through it to detect and filter out malicious packets. Analogous to anti-virus systems, IPSs can be centrally managed and armed with additional filters whenever a new vulnerability is discovered.

More akin to switches than sensors, IPSs are typically installed as part of the network infrastructure, both at the perimeter and in the core of the network. A typical IPS deployment is shown in Figure 1. In this example, three IPSs filter packets on one external and two internal segments. The internal segments in this example are different subnets, connected by a router.

[Figure 1: Prototypical IPS deployment. Diagram labels: Internet, IPS, Router, IPS, IPS, Switch, Switch, PC A, PC B, Server C, Server D.]

To be effective, an IPS must exhibit the same network performance characteristics as other network infrastructure products, like switches and routers, while at the same time performing stateful deep packet security processing to filter out layer 2-7 attacks. This stringent set of requirements demands a new test methodology and a new set of tools to verify their efficacy. In particular, it is necessary to measure performance and security functions simultaneously, since they are interdependent. In this document we define a methodology that should be used when testing IPS products.

IPS Testing Principles

Traffic Mix

As with any network infrastructure product, it is necessary to test the IPS with real-world traffic mixes. This is important because packet size, protocol distribution, packet contents, packets per second, protocol mix, the number of sessions, new sessions per second, and duration of sessions can all impact system performance. In particular, IP networks typically carry a combination of TCP and UDP packets with a small fraction of other traffic types. TCP flows are capable of adapting to network congestion, while UDP tends to be less resilient. Testing with only one traffic type is not representative of real-world conditions, and test results will vary dramatically between the lab and a production environment.

Studies by CAIDA, the Cooperative Association for Internet Data Analysis, have characterized traffic on the Internet. These studies show an average packet size between 413 and 474 bytes [1,2]. The distribution of packet sizes is tri-modal, with peaks near 64, 512, and 1518 bytes. About 85% of the packets and 92% of the bytes are TCP, and 12% of the packets and 5% of the bytes are UDP. The remaining traffic is a mix of IP encapsulated, ICMP, GRE, and other protocols. Two-thirds of the UDP traffic in these studies was DNS and RealAudio. The remainder is a mix of applications, 13% of which CAIDA could not classify. The average packet size of a UDP packet was bytes.

The traffic in Local Area Networks varies significantly from that of the Internet, which CAIDA monitored. In particular, the amount of UDP traffic in local area networks can be significantly higher than that found on the Internet. Many RPC applications use UDP instead of TCP for performance reasons. Microsoft name resolution services, Sun RPC applications, SNMP, DNS, and streaming media applications can all increase the UDP workload in a LAN environment. For example, if the corporate network is using Sun NFS, UDP can account for a significantly higher percentage of the workload and an increased average UDP packet size.

As stated above, an IPS is deployed both at the perimeter and in the corporate backbone. When testing an IPS, it is important to test the device's performance under a mix of TCP and UDP traffic. Testing a range of workloads with a TCP:UDP traffic mix of 100:0 (all TCP), 90:10, 80:20, and 70:30 is recommended. These ratios are by bytes; 90:10 means that 90% of the bytes are TCP and 10% of the bytes are UDP. The average UDP packet size should be around 200 bytes. An IPS that can perform well in these ranges is likely to perform well in any corporate network environment.

Throughput and Latency

In testing an IPS, it is impossible to separate throughput from latency. Because an IPS is an infrastructure element, its latency dramatically affects throughput and can quickly become the dominant parameter for network performance. This effect is particularly noticeable for applications built on TCP. TCP achieves a maximum throughput of window/RTT, where window is the maximum window size and RTT is the round-trip latency in the network. In the TCP protocol, 16 bits are reserved for the window size in the TCP header, which allows for window sizes up to 64 kilobytes. In a local area network, RTT is typically around 1 millisecond (msec). This gives a maximum throughput of 64 Mbytes/sec, or 512 Mbps [3].

Any network element that adds a significant amount of latency will reduce TCP throughput. A network element increases RTT by twice its one-way latency, and the one-way figure is typically what is reported on manufacturers' datasheets. For example, adding a network element with a latency of 2 milliseconds will increase RTT from 1 msec to 5 msec, reducing maximum throughput by 80% to about 100 Mbps.

The latency of an IPS can be multiplied several-fold in a real deployment. As shown in Figure 1, a packet may traverse multiple IPSs between PC A and Server C. Each traversal of an IPS introduces latency and the effect is cumulative. For example, if each IPS introduces 2 milliseconds of one-way latency, RTT jumps to 9 msec and the maximum bandwidth is reduced to less than 57 Mbps.

Latency must be measured along with bandwidth under steady-state conditions. To illustrate the pitfalls of separately testing latency and bandwidth, one customer tested an IPS product by sending a 10-second burst of traffic at 1 Gbps using SmartBits. They observed no packet loss, and concluded that the product had a throughput of 1 Gbps. Closer examination revealed that the latency climbed to almost 30 seconds during the test; the 10-second burst of traffic was absorbed by a buffer in the IPS and drained out of the product over the next 30 seconds.
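The window/RTT arithmetic above, as an added example that is not part of the original paper: it reproduces the 512, roughly 100 and under-57 Mbps figures, then inverts the formula to give the one-way latency each inline device may add for a target single-connection throughput. The 64,000-byte window follows the paper's rounding; the function names and the 400 Mbps target are assumptions chosen for illustration.

```python
WINDOW_BYTES = 64_000   # the paper's "64 kilobytes": 16-bit window, no window scaling
BASE_RTT_MS = 1.0       # the paper's typical LAN round-trip time


def path_rtt_ms(base_rtt_ms, one_way_latencies_ms):
    """RTT of a path whose inline devices add the given one-way latencies.

    Every device is crossed once in each direction, so it adds twice its
    one-way (datasheet) latency to the round trip.
    """
    if any(lat < 0 for lat in one_way_latencies_ms):
        raise ValueError("latency cannot be negative")
    return base_rtt_ms + 2.0 * sum(one_way_latencies_ms)


def tcp_ceiling_mbps(rtt_ms, window_bytes=WINDOW_BYTES):
    """Upper bound for one TCP connection: window / RTT, in Mbps."""
    if rtt_ms <= 0:
        raise ValueError("RTT must be positive")
    return window_bytes * 8 * 1000.0 / rtt_ms / 1e6


def latency_budget_us(target_mbps, devices,
                      window_bytes=WINDOW_BYTES, base_rtt_ms=BASE_RTT_MS):
    """Largest per-device one-way latency, in microseconds, that still lets a
    single connection reach target_mbps across `devices` inline devices.

    Returns None when the target exceeds what the base RTT alone allows.
    """
    if target_mbps <= 0 or devices < 1:
        raise ValueError("need a positive target and at least one device")
    allowed_rtt_ms = window_bytes * 8 * 1000.0 / (target_mbps * 1e6)
    spare_ms = allowed_rtt_ms - base_rtt_ms
    if spare_ms < 0:
        return None
    return spare_ms / (2 * devices) * 1000.0


def scenarios(one_way_ms=2.0, max_devices=2):
    """(devices, RTT ms, ceiling Mbps) for 0..max_devices identical devices."""
    rows = []
    for n in range(max_devices + 1):
        rtt = path_rtt_ms(BASE_RTT_MS, [one_way_ms] * n)
        rows.append((n, rtt, tcp_ceiling_mbps(rtt)))
    return rows


if __name__ == "__main__":
    for n, rtt, mbps in scenarios():
        print(f"{n} device(s): RTT {rtt:.0f} ms -> {mbps:.1f} Mbps per connection")
    budget = latency_budget_us(400, devices=2)
    print(f"400 Mbps across 2 devices: {budget:.0f} us one-way per device")
```

A window larger than 64 KB (negotiated with the TCP window scale option) can be passed as `window_bytes` to see how much of the ceiling comes from the window rather than the device.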
In summary, latency and throughput must be measured simultaneously, and the average latency should be similar to that of other infrastructure elements, well under a millisecond.

IPS Configuration

For any performance tests to be meaningful, it is important that the IPS be configured with all filters enabled. New vulnerabilities are being discovered at an exponentially increasing rate; the number of reported vulnerabilities has doubled every year since This means that the number of filters required to protect a network will increase dramatically over the lifetime of the IPS.

[3] To work around this limitation a special option, called the TCP window scale option, was introduced in RFC This option is negotiated at the opening of the connection, so if a window size of greater than 64 KB is to be established it must be done at connection set-up time. Unfortunately, many applications do not set this option, so their throughput on a LAN is governed almost entirely by the latency in the network.

In some IPS architectures, performance is directly proportional to the number of active filters. Software-based IPS solutions are particularly susceptible to this phenomenon. Each filter introduces additional rules that must be processed for each packet that flows through the box. Hardware-based solutions may incorporate specialized accelerators and parallel processing engines that allow the number of filters to scale without impacting performance. To ensure that the IPS can scale to the number of filters that will be needed after several years of service, performance testing should be performed with all filters enabled.

Attack Blocking

Unlike an IDS, an IPS is an active, inline device. This gives the IPS the opportunity to block attacks, but introduces new requirements on testing.

Intrusion Detection Systems (IDS) are traditionally tested by replaying packet traces of captured attacks and verifying that the IDS generates an appropriate alert. Since IDSs are passive devices, they inspect a copy of network traffic; the copy is typically obtained using port mirroring to inspect traffic going through a switch. IDS test tools mimic this arrangement by replaying the attacks unidirectionally at the IDS.

When testing an IPS, attacks must be played bi-directionally. That is, packets from the attacker should arrive on one IPS interface, and packets from the target on another. Most IDS testing tools play attacks unidirectionally, with two notable exceptions. Blade Software is purported to be releasing a tool that can replay attacks bi-directionally [5], and the open source tool tcpreplay can play attacks bi-directionally.

No matter what tool is used, the tool must independently verify that the attack is blocked and retransmit lost packets. The only reliable way to verify that a replayed attack is blocked is to ensure that the attack packets are not received at the target. We know of no IDS/IPS test tool that checks whether the replayed attack is actually blocked.

The test tool must include a retransmission mechanism to allow for packets lost due to network congestion. Since the testing should be done under load, it is possible that the IPS drops a packet due to congestion. The tool that plays the attacks must retransmit lost packets to account for this possibility.

The attacks chosen for IPS testing must be attacks that can be blocked. Detecting an attack without blocking is an IDS function, and should be reserved for IDS testing.

Finally, the test must verify that legitimate traffic is not blocked. The best way to do this is to play a high load of clean background traffic while performing security testing and to verify that it is minimally affected by the attacks and never inadvertently blocked.

Like IDSs, some IPS architectures may miss attacks if the attack is launched while the system is heavily loaded. Load can take many forms, including bandwidth, packet arrival rate, session count, and session creation rate. For this reason, the device's ability to block attacks should be tested at and near the physical limits of the IPS, not just the rated limits.

In addition to testing security efficacy, testing at the rated limit has an important side effect: it tests whether the IPS will erroneously block good traffic while under attack. Although some performance degradation can be expected if the IPS is under an extremely heavy attack load, the degradation should be graceful. IPS performance should not fall off a cliff because the load is high, and it should never crash. Any such instability invites attackers to launch denial of service attacks against the network the IPS is supposed to protect.

To summarize, IPS security testing should be done with a high load of attack-free background traffic. The testing should show that this background traffic is minimally affected by the tests and never inadvertently blocked. The tool used for replaying attacks must detect and retransmit lost packets, and it must report when an attack completes or is blocked, independently verifying the IPS's claim that it blocked the attack. To our knowledge, no previously available testing tool meets these requirements. Spitfire, a tool described below, was developed to fill this gap.

[5] The bidirectional version is in beta.

Proposed Test Setup and Methodology

A specific test setup and methodology is proposed based on the test principles described above. The test setup is straightforward and representative of a real-world environment. It supports various tuning knobs so that the test scenarios can be tailored to match specific customer environments.

The test jig is illustrated in Figure 2. The IPS is flanked by a pair of switches that are used to aggregate multiple data sources. Depending on the IPS capacity, one or more switches may be used to achieve the desired bandwidth.
In our lab, we use four PCs and a SmartBits to generate background and attack traffic, and to measure throughput and latency. The PCs are 2.8 GHz Pentium 4s running RedHat 7.3 (Linux ). Each machine has three network interfaces: two Intel PRO-LAN 10/100/1000 Ethernet adapters for data traffic and one management Ethernet interface. We cabled the data ports of the machines and assigned IP addresses as shown in Figure 2. All links are Gigabit Ethernet.

To generate TCP traffic load, we ran Apache on machines 1-3. We installed a large (50 Mbyte) text file containing random data in the ServerRoot directory. Each machine retrieved this file via HTTP from a corresponding server on the other side of the IPS. For example, machine 1 retrieved a file via the port from

Machine 2 similarly retrieved a file from machine 3, and machine 3 from machine 1 [6]. We wrote a simple program called netgen to fetch multiple files from the web server in parallel and to read the generated data at a fixed rate. Command line parameters control the rate at which data is consumed and the number of simultaneous streams. This simple technique can easily generate more than 2 Gbps of TCP traffic with a few PCs.

[Figure 2: Test Jig Configuration. Diagram labels: Switch, PC, eth1, PC2, PC3, IPS, PC, eth2, SmartBits, Switch.]

To measure the amount of TCP traffic actually generated, we wrote a program to sample the counters on the Ethernet adapters every two seconds and total the results. The program computes mean bandwidth over 10- and 60-second intervals.

To generate UDP traffic, we used a SmartBits 6000B with a LAN-3301A 10/100/1000 Mbps TeraMetrics module. The 6000B was controlled using SmartFlows 2.0 software, and both average latency and UDP throughput were measured. We configured the SmartBits to send 192-byte UDP packets with random payload on ports 1024 and 1025 through the IPS.

To calibrate the system for a given traffic mix, we set the TCP and UDP flows for the desired traffic mix. For example, to generate 1000 Mbps with an 80:20 mix, we want to generate 800 Mbps of TCP and 200 Mbps of UDP. SmartBits is therefore configured to generate 200 Mbps of UDP and netgen is configured to generate 800 Mbps of TCP.

To verify the configuration, we bypass the IPS with a wire and measure the aggregate throughput (TCP and UDP) as well as latency. The baseline latency is that introduced by the switches and is typically small (in the tens of microseconds). We then reintroduce the IPS and measure latency and throughput. Three samples are taken to ensure repeatability. All tests are conducted with all attack filters enabled [7].

[6] To force the traffic out the right interface, we installed specific routes on each of the PCs.

Security Testing

The most important feature of an IPS is that it blocks attacks while not adversely affecting network performance. This means it must pass the performance test above, and that it must not miss attacks when under load. To test this property, we ran security tests under each load scenario listed above.

The Spitfire tools (described below) are used to replay attacks through the IPS on PC 4. The attacks are stored in packet traces, and Spitfire replays the attacks exactly as they would appear on a real network. Spitfire is instrumented to log when an attack is missed by the IPS (i.e., when the network packets containing the attack are seen on the victim). The number of missed attacks is determined by counting the number of completed pcaps (packet captures). The script included in Appendix A can be used to drive Spitfire and count the number of blocked attacks.

Spitfire

Briefly, Spitfire divides a packet trace into two parts: the packets generated by the attacker and those generated by the victim. Spitfire parses the packet trace (called the pcap) one packet at a time. The first time an IP address is seen in a file, the IP address is "assigned" to the attacker if it is in the IP source address field of the packet, or assigned to the victim if it is in the destination field. For instance, consider a pcap consisting of a standard three-way TCP handshake, which contains 3 packets:

Packet 1 (SYN): ip.src = ip.dest =
Packet 2 (SYN-ACK): ip.src = ip.dest =
Packet 3 (ACK): ip.src = ip.dest =

When Spitfire reads the first packet, the address is encountered for the first time in the source field, and the address is encountered for the first time in the destination field. The address is therefore associated with the attacker, while the address is associated with the victim.
When it comes time to replay the attack, victim packets are transmitted on eth2, and attacker packets are transmitted on eth1. To replay the sequence above, Spitfire begins by sending packet 1 (an attacker packet) over eth1. When this packet arrives on eth2, it sends packet 2 out eth2 and waits for packet 3 to arrive on eth1. When the packet arrives, Spitfire sends packet 3 on eth1. When the last packet arrives on eth2, Spitfire outputs that it has completed the pcap.

[7] In some IPS products, we found that certain filters would block legitimate traffic, such as the HTTP transfers. These filters were disabled individually and the effect was noted.

If a packet is lost, the sender retries after a timeout period (typically every 2 seconds). The sender infers that the packet is lost if it does not receive the next packet in sequence within the timeout. For example, if Spitfire sends packet 2 on eth2 and does not receive it on eth1 within the timeout, it resends packet 2. If progress is not made after a specified number of retransmissions, the session is aborted and Spitfire outputs a message indicating that the session has timed out.

To ensure that the packet is correctly routed through the switches, the Ethernet MAC addresses are rewritten when the packet is sent. In addition, the IP addresses are also rewritten and the packet's checksums updated accordingly. Thus, in the example above, when Spitfire sends packet 1, the IP source address of the packet that appears on the wire is , and the IP destination address is Spitfire writes the modified packet directly to the Ethernet driver using a raw socket.

Within the context of an IPS, if Spitfire reports that the pcap containing the attack has timed out, the IPS has correctly blocked the attack. If Spitfire reports that the pcap has completed, the IPS missed the attack, regardless of what the log indicates.

[8] The mapping of IP addresses can be controlled by a command line parameter to Spitfire.

Conclusion

This paper has presented several characteristics that must be evaluated when testing an IPS. Throughput, latency, and attack blocking must be simultaneously measured. Throughput and latency should be on par with other pieces of network equipment; in a LAN, this means Gbps throughput with an average latency of a few hundred microseconds. The test tool must independently verify that the tested attacks are blocked (or not). Only attacks that can be blocked should be tested; attacks that can only be detected, but not blocked, belong in the domain of IDS testing. To assure scalability, the IPS should be tested with all filters enabled.

We have presented a test jig and tool, called Spitfire, that shows how this testing can be accomplished with a modest amount of equipment. Contact TippingPoint Technologies for more information about Spitfire.

Appendix A

The following script is used to replay attacks in the Spitfire toolset. The only parameter to the script is the unique identifier for the test (e.g., "TCP80-first"). Six sample packet trace files are shown; you can use as many as you have (we used 773 in the Tolly test).

    #!/bin/bash
    # $1 is the unique identifier for this test run; output goes to <identifier>.log
    run=$1
    spitfire -t R 5 \
        -f pcaps/dv536/pcap \
        -f pcaps/dv536/pcap \
        -f pcaps/dv536/pcap \
        -f pcaps/dv536/pcap \
        -f pcaps/dv536/pcap \
        -f pcaps/dv536/pcap \
        > "$run.log"

This script records attack completion and timeout information to the file $run.log. To determine the number of attacks blocked, the following command is used:

    grep timeout "$run.log" | wc -l

The number shown should be the same as the number of pcaps in the attacker script.
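The role assignment, retransmission and verdict rules from the Spitfire section, modelled as an added example that is not Spitfire's code and sends no packets: the device under test is a hypothetical callable, timeouts are represented by attempt counts, and the trace uses constructed documentation addresses rather than the paper's values. It shows why a tool without retransmission would score a congestion drop as a blocked attack.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst label")

# Constructed trace using documentation addresses (not the paper's values):
# a three-way handshake followed by one request that a filter should match.
TRACE = [
    Packet("192.0.2.10", "198.51.100.20", "SYN"),
    Packet("198.51.100.20", "192.0.2.10", "SYN-ACK"),
    Packet("192.0.2.10", "198.51.100.20", "ACK"),
    Packet("192.0.2.10", "198.51.100.20", "REQUEST"),
]


def assign_roles(trace):
    """First-seen rule: an address first seen as a source belongs to the
    attacker, one first seen as a destination belongs to the victim."""
    roles = {}
    for pkt in trace:
        roles.setdefault(pkt.src, "attacker")
        roles.setdefault(pkt.dst, "victim")
    return roles


def replay(trace, device, max_retries=3):
    """Replay one trace through `device`, a callable (packet, attempt) -> bool
    that reports whether the packet was seen on the opposite interface.

    Returns (status, sends): status is "completed" or "timeout", and sends
    lists every transmission as (interface, label, attempt).
    """
    roles = assign_roles(trace)
    sends = []
    for pkt in trace:
        # Attacker packets leave on eth1, victim packets on eth2.
        out_if = "eth1" if roles[pkt.src] == "attacker" else "eth2"
        for attempt in range(max_retries + 1):
            sends.append((out_if, pkt.label, attempt))
            if device(pkt, attempt):
                break                    # arrived: move on to the next packet
        else:
            return "timeout", sends      # no progress after all retransmissions
    return "completed", sends


def verdict(status):
    """A timed-out pcap means the attack was blocked; a completed one means
    it was missed, whatever the device's own log says."""
    return "blocked" if status == "timeout" else "missed"


def count_blocked(device, traces, max_retries=3):
    """Counterpart of counting the timeout lines in the run log."""
    return sum(1 for t in traces
               if replay(t, device, max_retries)[0] == "timeout")


# Hypothetical device models for the demonstration.
def passthrough(pkt, attempt):
    """Forwards everything (a plain wire, or an IPS that misses the attack)."""
    return True


def blocking_ips(pkt, attempt):
    """Drops every copy of the packet its filter matches."""
    return pkt.label != "REQUEST"


def lossy_passthrough(pkt, attempt):
    """Filters nothing, but loses the first copy of the SYN-ACK to congestion."""
    return not (pkt.label == "SYN-ACK" and attempt == 0)


if __name__ == "__main__":
    for name, dev in [("passthrough", passthrough),
                      ("blocking_ips", blocking_ips),
                      ("lossy_passthrough", lossy_passthrough)]:
        status, sends = replay(TRACE, dev)
        print(f"{name}: {status} after {len(sends)} sends -> {verdict(status)}")
    # Without retransmission the congestion loss is misread as a block.
    print("lossy, no retries:", verdict(replay(TRACE, lossy_passthrough, 0)[0]))
```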


More information

Network Security TCP/IP Refresher

Network Security TCP/IP Refresher Network Security TCP/IP Refresher What you (at least) need to know about networking! Dr. David Barrera Network Security HS 2014 Outline Network Reference Models Local Area Networks Internet Protocol (IP)

More information

A Transport Protocol for Multimedia Wireless Sensor Networks

A Transport Protocol for Multimedia Wireless Sensor Networks A Transport Protocol for Multimedia Wireless Sensor Networks Duarte Meneses, António Grilo, Paulo Rogério Pereira 1 NGI'2011: A Transport Protocol for Multimedia Wireless Sensor Networks Introduction Wireless

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

VMWARE WHITE PAPER 1

VMWARE WHITE PAPER 1 1 VMWARE WHITE PAPER Introduction This paper outlines the considerations that affect network throughput. The paper examines the applications deployed on top of a virtual infrastructure and discusses the

More information

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery Why Measure the Network? Network Measurement Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 ScienLfic discovery Characterizing traffic, topology, performance Understanding

More information

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet.

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet. Lab Exercise TCP Objective To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet. The trace file is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-tcp.pcap

More information

Application Level Congestion Control Enhancements in High BDP Networks. Anupama Sundaresan

Application Level Congestion Control Enhancements in High BDP Networks. Anupama Sundaresan Application Level Congestion Control Enhancements in High BDP Networks Anupama Sundaresan Organization Introduction Motivation Implementation Experiments and Results Conclusions 2 Developing a Grid service

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Computer Networks. Chapter 5 Transport Protocols

Computer Networks. Chapter 5 Transport Protocols Computer Networks Chapter 5 Transport Protocols Transport Protocol Provides end-to-end transport Hides the network details Transport protocol or service (TS) offers: Different types of services QoS Data

More information

TEST METHODOLOGY. Distributed Denial- of- Service (DDoS) Prevention. v1.0

TEST METHODOLOGY. Distributed Denial- of- Service (DDoS) Prevention. v1.0 TEST METHODOLOGY Distributed Denial- of- Service (DDoS) Prevention v1.0 Table of Contents 1 Introduction... 5 1.1 The Need for Distributed Denial- of- Service Prevention... 5 1.2 About This Test Methodology

More information

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems WHITE PAPER FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems Abstract: Denial of Service (DoS) attacks have been a part of the internet landscape for

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Lab Exercise 802.11. Objective. Requirements. Step 1: Fetch a Trace

Lab Exercise 802.11. Objective. Requirements. Step 1: Fetch a Trace Lab Exercise 802.11 Objective To explore the physical layer, link layer, and management functions of 802.11. It is widely used to wireless connect mobile devices to the Internet, and covered in 4.4 of

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Transportation Protocols: UDP, TCP & RTP

Transportation Protocols: UDP, TCP & RTP Transportation Protocols: UDP, TCP & RTP Transportation Functions UDP (User Datagram Protocol) Port Number to Identify Different Applications Server and Client as well as Port TCP (Transmission Control

More information

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation R.Navaneethakrishnan Assistant Professor (SG) Bharathiyar College of Engineering and Technology, Karaikal, India.

More information

Second Midterm for ECE374 04/08/15 Solution!!

Second Midterm for ECE374 04/08/15 Solution!! ECE374: First Midterm 1 Second Midterm for ECE374 04/08/15 Solution!! Instructions: a. Put your name and student number on each sheet of paper! b. The exam is closed book. c. You have 90 minutes to complete

More information

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca

TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca TCP SYN Flood - Denial of Service Seung Jae Won University of Windsor wons@uwindsor.ca Abstract TCP SYN flooding attack is a kind of denial-of-service attack. This SYN flooding attack is using the weakness

More information

The following reference answers are based on the trace files provided with the text book, which can be downloaded from the textbook website.

The following reference answers are based on the trace files provided with the text book, which can be downloaded from the textbook website. Wireshark Lab 3 TCP The following reference answers are based on the trace files provided with the text book, which can be downloaded from the textbook website. TCP Basics Answer the following questions

More information

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool.

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. Objectives Sniffing Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. What is a packet sniffer? Sniffing is eavesdropping on the network and A packet sniffer

More information

Smart Network Access System SmartNA 10 Gigabit Aggregating Filtering TAP

Smart Network Access System SmartNA 10 Gigabit Aggregating Filtering TAP Smart Network Access System SmartNA 10 Gigabit Aggregating Filtering TAP Gain Access and Visibility to your 10 Gigabit Links Today! 10 Gigabit SR or LR Passive Optical TAP or connect two (2) 10 Gigabit

More information

CS 421: Computer Networks FALL MIDTERM I November 22, minutes

CS 421: Computer Networks FALL MIDTERM I November 22, minutes CS 421: Computer Networks FALL 2004 MIDTERM I November 22, 2004 120 minutes Name: Student No: Show all your work very clearly. Partial credits will only be given if you carefully state your answer with

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review Objectives After reading this chapter and completing the exercises, you will be able to: Overview of TCP/IP Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary,

More information

Lab Exercise DHCP. Objective. Network Setup. 1: DHCP Discover. 2: DHCP Offer. Complete exchange. 3: DHCP Request. Short exchange.

Lab Exercise DHCP. Objective. Network Setup. 1: DHCP Discover. 2: DHCP Offer. Complete exchange. 3: DHCP Request. Short exchange. Lab Exercise DHCP Objective To see how DHCP (Dynamic Host Configuration Protocol) works. The trace is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-dhcp.pcap Network Setup Recall

More information

ICMP Protocol and Its Security

ICMP Protocol and Its Security Lecture Notes (Syracuse University) ICMP Protocol and Its Security: 1 ICMP Protocol and Its Security 1 ICMP Protocol (Internet Control Message Protocol Motivation Purpose IP may fail to deliver datagrams

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

Chapter 28 Denial of Service (DoS) Attack Prevention

Chapter 28 Denial of Service (DoS) Attack Prevention Chapter 28 Denial of Service (DoS) Attack Prevention Introduction... 28-2 Overview of Denial of Service Attacks... 28-2 IP Options... 28-2 LAND Attack... 28-3 Ping of Death Attack... 28-4 Smurf Attack...

More information

Stress Testing Switches and Routers

Stress Testing Switches and Routers Stress Testing Switches and Routers Rev 4 How to perform a simple stress test on a Layer 2 switch device step-by-step. APPLICATION NOTE The Xena testers can verify traffic forwarding performance, protocol

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

VIA CONNECT PRO Deployment Guide

VIA CONNECT PRO Deployment Guide VIA CONNECT PRO Deployment Guide www.true-collaboration.com Infinite Ways to Collaborate CONTENTS Introduction... 3 User Experience... 3 Pre-Deployment Planning... 3 Connectivity... 3 Network Addressing...

More information

MOBILITY AND MOBILE NETWORK OPTIMIZATION

MOBILITY AND MOBILE NETWORK OPTIMIZATION MOBILITY AND MOBILE NETWORK OPTIMIZATION netmotionwireless.com Executive Summary Wireless networks exhibit uneven and unpredictable performance characteristics which, if not correctly managed, can turn

More information

Classification of Firewalls and Proxies

Classification of Firewalls and Proxies Classification of Firewalls and Proxies By Dhiraj Bhagchandka Advisor: Mohamed G. Gouda (gouda@cs.utexas.edu) Department of Computer Sciences The University of Texas at Austin Computer Science Research

More information

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit www.gearbit.com

B-2 Analyzing TCP/IP Networks with Wireshark. Ray Tompkins Founder of Gearbit www.gearbit.com B-2 Analyzing TCP/IP Networks with Wireshark June 15, 2010 Ray Tompkins Founder of Gearbit www.gearbit.com SHARKFEST 10 Stanford University June 14-17, 2010 TCP In this session we will examine the details

More information

Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU

Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU Savita Shiwani Computer Science,Gyan Vihar University, Rajasthan, India G.N. Purohit AIM & ACT, Banasthali University, Banasthali,

More information

Operating Systems and Networks Sample Solution 1

Operating Systems and Networks Sample Solution 1 Spring Term 2014 Operating Systems and Networks Sample Solution 1 1 byte = 8 bits 1 kilobyte = 1024 bytes 10 3 bytes 1 Network Performance 1.1 Delays Given a 1Gbps point to point copper wire (propagation

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

Cisco Integrated Services Routers Performance Overview

Cisco Integrated Services Routers Performance Overview Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,

More information

Modern Denial of Service Protection

Modern Denial of Service Protection Modern Denial of Service Protection What is a Denial of Service Attack? A Denial of Service (DoS) attack is generally defined as a network-based attack that disables one or more resources, such as a network

More information

ITL Lab 5 - Performance Measurements and SNMP Monitoring 1. Purpose

ITL Lab 5 - Performance Measurements and SNMP Monitoring 1. Purpose Lab 5 - Performance Measurements and SNMP Monitoring 1 Purpose Before the Lab Measure the performance (throughput) of TCP connections Measure the performance of UDP connections; observe an RTP flow Examine

More information

Performance Evaluation of VMXNET3 Virtual Network Device VMware vsphere 4 build 164009

Performance Evaluation of VMXNET3 Virtual Network Device VMware vsphere 4 build 164009 Performance Study Performance Evaluation of VMXNET3 Virtual Network Device VMware vsphere 4 build 164009 Introduction With more and more mission critical networking intensive workloads being virtualized

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE

51-30-60 DATA COMMUNICATIONS MANAGEMENT. Gilbert Held INSIDE 51-30-60 DATA COMMUNICATIONS MANAGEMENT PROTECTING A NETWORK FROM SPOOFING AND DENIAL OF SERVICE ATTACKS Gilbert Held INSIDE Spoofing; Spoofing Methods; Blocking Spoofed Addresses; Anti-spoofing Statements;

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

TCP - Introduction. Features of TCP

TCP - Introduction. Features of TCP TCP - Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Internet Transport Protocols

Internet Transport Protocols Internet Transport Protocols Transmission Control Protocol (TCP): TCP Socket Primitives. The TCP Segment Header. Establishing & Terminating TCP Connections: TCP Three-way Handshake. TCP Connection Management

More information

Measure wireless network performance using testing tool iperf

Measure wireless network performance using testing tool iperf Measure wireless network performance using testing tool iperf By Lisa Phifer, SearchNetworking.com Many companies are upgrading their wireless networks to 802.11n for better throughput, reach, and reliability,

More information

Stateful Traffic Generator 10/100/1000G, 10G & 40G Ethernet

Stateful Traffic Generator 10/100/1000G, 10G & 40G Ethernet Stateful Traffic Generator 10/100/1000G, 10G & 40G Ethernet Manufactured By East Coast Datacom, Inc. in collaboration with developers Seven One Solution and NM 2 Why a traffic generator? A traffic generator

More information

T H E TOLLY. No. 202151 October 2002. NetVanta 3200 Access Router versus Cisco Systems, Inc. 1720/1751V Competitive Performance Evaluation

T H E TOLLY. No. 202151 October 2002. NetVanta 3200 Access Router versus Cisco Systems, Inc. 1720/1751V Competitive Performance Evaluation No. 202151 October 2002 NetVanta 3200 Access Router versus Systems, Inc. Competitive Performance Evaluation Premise: Customers who deploy branch office routers have come to expect line rate throughput

More information

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access 1 The Fundamentals of Passiv e Monitoring Access Copy right 2006 Net Optics, Inc. Agenda Goal: Present an overview of Tap

More information

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org 1.pcap - File download Network Security: Workshop Dr. Anat Bremler-Barr Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org Downloading a file is a pretty basic function when described

More information

LAB THREE STATIC ROUTING

LAB THREE STATIC ROUTING LAB THREE STATIC ROUTING In this lab you will work with four different network topologies. The topology for Parts 1-4 is shown in Figure 3.1. These parts address router configuration on Linux PCs and a

More information

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE Data Sheet V-Net Link 700 C Series Link Load Balancer V-NetLink:Link Load Balancing Solution from VIAEDGE V-NetLink : Link Load Balancer As the use of the Internet to deliver organizations applications

More information

NETWORK FIREWALL TEST METHODOLOGY 3.0. To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.

NETWORK FIREWALL TEST METHODOLOGY 3.0. To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs. NETWORK FIREWALL TEST METHODOLOGY 3.0 To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.com 2011 NSS Labs, Inc. All rights reserved. No part of

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information